PT-2025-50772 · Librechat · Librechat

Published

2025-12-11

·

Updated

2025-12-15

·

CVE-2025-66451

CVSS v3.1

6.5

Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: LibreChat versions 0.8.0 and below
Description: LibreChat, a ChatGPT clone, insufficiently validates input when updating prompt groups. JSON bodies sent to the /api/prompts/groups/:groupId endpoint via the PATCH method are not properly validated: the patchPromptGroup function passes the request body (req.body) directly to the updatePromptGroup function without filtering sensitive fields, so an authenticated user can modify fields of a prompt group that the endpoint was never meant to expose (a mass-assignment weakness).
Recommendations: LibreChat versions prior to 0.8.1 should be updated to version 0.8.1 or later.

Related Identifiers

CVE-2025-66451
GHSA-VPQQ-5QR4-655H

Affected Products

Librechat